From 08a37ee961964325ca4651be92ed4ff101d0eb1f Mon Sep 17 00:00:00 2001
From: huzvar <89766648+huzvar@users.noreply.github.com>
Date: Tue, 5 Oct 2021 15:55:22 +0200
Subject: [PATCH] Add dynamic Group Attribute. (#119)
* Add dynamic Group Attribute.
* Update ldap_functions.inc.php
* Update show_group.php
* Update run_checks.php
---
 www/account_manager/show_group.php | 2 +-
 www/includes/config.inc.php | 1 +
 www/includes/ldap_functions.inc.php | 26 +++++++++++++-------------
 www/setup/run_checks.php | 4 ++--
 4 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/www/account_manager/show_group.php b/www/account_manager/show_group.php
index e5c367c..1fe1162 100644
--- a/www/account_manager/show_group.php
+++ b/www/account_manager/show_group.php
@@ -50,7 +50,7 @@ elseif (isset($_POST['initialise_group'])) { $new_group = FALSE; $initialise_group = TRUE; $current_members = array();
- $full_dn = "cn=$group_cn,${LDAP['group_dn']}";
+ $full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";
 $has_been = "created"; } else {
diff --git a/www/includes/config.inc.php b/www/includes/config.inc.php
index 749ebd6..4dcf4c5 100644
--- a/www/includes/config.inc.php
+++ b/www/includes/config.inc.php
@@ -24,6 +24,7 @@ #Optional $LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
+ $LDAP['group_attribute'] = (getenv('LDAP_GROUP_ATTRIBUTE') ? getenv('LDAP_GROUP_ATTRIBUTE') : 'cn');
 $LDAP['group_ou'] = (getenv('LDAP_GROUP_OU') ? getenv('LDAP_GROUP_OU') : 'groups'); $LDAP['user_ou'] = (getenv('LDAP_USER_OU') ? getenv('LDAP_USER_OU') : 'people');
diff --git a/www/includes/ldap_functions.inc.php b/www/includes/ldap_functions.inc.php
index 8a4135e..b35279e 100644
--- a/www/includes/ldap_functions.inc.php
+++ b/www/includes/ldap_functions.inc.php
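Review bot: `$group_cn` is placed into `$full_dn` with no DN escaping visible in this hunk, in a branch entered on `$_POST['initialise_group']`. If `$group_cn` comes from the request and is not validated earlier in show_group.php (outside the hunk), a name containing `,`, `+` or `=` yields a DN whose structure differs from the entry the library functions operate on. Building it as `$full_dn = $LDAP['group_attribute'] . "=" . ldap_escape($group_cn, "", LDAP_ESCAPE_DN) . ",${LDAP['group_dn']}";` keeps the name inside a single RDN value.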
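Review bot: `LDAP_GROUP_ATTRIBUTE` is accepted verbatim on the added config line and is then interpolated unescaped into search filters and DNs in ldap_functions.inc.php and run_checks.php. A value with stray characters (a trailing space, `=`, `(`, `,`) produces malformed or differently scoped filters and DNs, and most of the searches in ldap_functions.inc.php suppress errors with `@`, so the failure would be hard to notice. I would validate the value once at load time and reject anything that does not match `/^[A-Za-z][A-Za-z0-9-]*$/`, and add a comment saying that it is used as the group RDN attribute.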
@@ -420,9 +420,9 @@ function ldap_get_group_list($ldap_connection,$start=0,$entries=NULL,$sort="asc" $records = array(); foreach ($result as $record) {
- if (isset($record['cn'][0])) {
+ if (isset($record[$LDAP['group_attribute']][0])) {
- array_push($records, $record['cn'][0]);
+ array_push($records, $record[$LDAP['group_attribute']][0]);
 } }
@@ -444,7 +444,7 @@ function ldap_get_dn_of_group($ldap_connection,$group_name) { if (isset($group_name)) {
- $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("dn")); $result = @ ldap_get_entries($ldap_connection, $ldap_search);
@@ -466,7 +466,7 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
- $ldap_search_query = "(cn=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute'])); $result = @ ldap_get_entries($ldap_connection, $ldap_search);
@@ -513,7 +513,7 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) { if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
- $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query); if ($ldap_search) {
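Review bot: In ldap_get_group_list the result is indexed with `$record[$LDAP['group_attribute']]`, but `ldap_get_entries()` returns attribute names as lower-case array keys, so a configured value such as `CN` or any mixed-case attribute never passes the `isset()` and the list comes back empty. The same lookup is repeated in the ldap_user_group_membership hunk. Indexing with a lower-cased copy avoids this: `$group_attr = strtolower($LDAP['group_attribute']);` followed by `$record[$group_attr][0]`. The function body continues outside the hunk, so the `global $LDAP` declaration these lines depend on is not visible here and should be confirmed.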
@@ -550,13 +550,13 @@ function ldap_user_group_membership($ldap_connection,$username) { } $ldap_search_query = "(&(objectClass=posixGroup)(${LDAP['group_membership_attribute']}=${username}))";
- $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array('cn'));
+ $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_attribute']));
 $result = ldap_get_entries($ldap_connection, $ldap_search); $groups = array(); foreach ($result as $record) {
- if (isset($record['cn'][0])) {
- array_push($groups, $record['cn'][0]);
+ if (isset($record[$LDAP['group_attribute']][0])) {
+ array_push($groups, $record[$LDAP['group_attribute']][0]);
 } } sort($groups);
@@ -578,7 +578,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") { $new_group = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER); $initial_member = ldap_escape($initial_member, "", LDAP_ESCAPE_FILTER);
- $ldap_search_query = "(cn=$new_group,${LDAP['group_dn']})";
+ $ldap_search_query = "(${LDAP['group_attribute']}=$new_group,${LDAP['group_dn']})";
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query); $result = @ ldap_get_entries($ldap_connection, $ldap_search);
@@ -643,7 +643,7 @@ function ldap_delete_group($ldap_connection,$group_name) { if (isset($group_name)) {
- $delete_query = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+ $delete_query = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
 $delete = @ ldap_delete($ldap_connection, $delete_query); if ($delete) {
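Review bot: The existence check in ldap_new_group compares the group attribute with the name followed by the whole base DN (`=$new_group,${LDAP['group_dn']}`), so it cannot match an existing group whose attribute holds only the name; the commit carries this over from the `cn=` version. The filter should be `$ldap_search_query = "(${LDAP['group_attribute']}=$new_group)";`. The rest of the function is outside the hunk, so it is worth confirming that the DN passed to the add call uses the configured attribute and DN-context escaping, not the filter-escaped `$new_group`.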
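Review bot: `$delete_query` in ldap_delete_group is a DN, yet the group name is escaped with `LDAP_ESCAPE_FILTER`, which leaves DN-special characters such as `,`, `+` and `=` untouched. A group name containing them changes which entry the DN addresses, and here that DN goes to `ldap_delete()`. Use `ldap_escape($group_name, "", LDAP_ESCAPE_DN)` on this line. The `$group_dn` lines in the ldap_add_member_to_group and ldap_delete_member_from_group hunks have the same issue, and the context line there that builds `$username` into a DN shows no escaping either, though that may happen outside the hunk.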
@@ -668,7 +668,7 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) { if (isset($group_name)) {
- $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("gidNumber")); $result = @ ldap_get_entries($ldap_connection, $ldap_search);
@@ -865,7 +865,7 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) { if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
- $group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+ $group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
 if ($LDAP['group_membership_uses_uid'] == FALSE) { $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
@@ -900,7 +900,7 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) { else { if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
- $group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+ $group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
 if ($LDAP['group_membership_uses_uid'] == FALSE and $username != "") { $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
diff --git a/www/setup/run_checks.php b/www/setup/run_checks.php
index 3f88f3f..7787655 100644
--- a/www/setup/run_checks.php
+++ b/www/setup/run_checks.php
@@ -187,7 +187,7 @@ else { }
-$defgroup_filter = "(&(objectclass=posixGroup)(cn=${DEFAULT_USER_GROUP}))";
+$defgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${DEFAULT_USER_GROUP}))";
 $ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter); $defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);
@@ -207,7 +207,7 @@ else { }
-$adminsgroup_filter = "(&(objectclass=posixGroup)(cn=${LDAP['admins_group']}))";
+$adminsgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${LDAP['admins_group']}))";
 $ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter); $adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);
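Review bot: `$defgroup_filter` interpolates `${DEFAULT_USER_GROUP}` into the filter without `ldap_escape()`, unlike the library functions touched by this commit, and `$adminsgroup_filter` does the same with `${LDAP['admins_group']}`. Both are configuration values, but a group name containing `(`, `)`, `*` or `\` would make the setup check fail or match a different set of entries than intended. Suggest `$defgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=" . ldap_escape($DEFAULT_USER_GROUP, "", LDAP_ESCAPE_FILTER) . "))";` and the equivalent for the admins group.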